
Drilling down Apache codes for fun and learning

Alright,
I've done my research and experiments on stack (and heap) buffer overflows, format strings, networks, exploits, payloads, C++, sockets programming, assembly, and so on.
Now I want to take a step further. It'd be much more fun if I were able to customize my exploits and even write my own. I've been reading some examples about the process of writing exploits, but so far all of them are about sample programs, not real ones. So I decided to make some "case studies", I mean, take a known and widely used daemon, like Apache, and look into its source code for how a given function could be exploited, or debug it and see how it behaves at the machine level. Or maybe find out how old classic exploits of early Apache versions were developed.

Anyway, what I'm doing here is asking you guys for tips, books, threads, or any text about how to identify vulnerabilities and the techniques to exploit them. Papers, ezines, other forums, showing in detail how a given exploit works inside a given program would be nice too.
And finally, where the hell can I chat to people about this stuff?! By now, I've been doing things alone, but a little bit of real-time conversation would also be nice.

I hope I've been understandable here and that you can help me. I think I don't need to mention that answers like "google it", "google is ur friend", are very unwelcome. If I wanted to look it up on my own, like I've done so far, I would do it. I was just wondering whether I could use the experience of people who had already been through this "step of the ladder". After all, no problem should be solved twice.

Re: Drilling down Apache codes for fun and learning

There are tutorials all over the place on this subject. The ones I am fond of are the ones here, and here. There are further references linked from each of those general areas. I might be a little biased in at least one of those cases.

And by the way, Googling "buffer overflow tutorial" led me directly to one of the tutorials that I just mentioned. Just sayin'.

Some other general links I have found helpful that I don't think are linked from either of the above: Skypher, OpenRCE

"Hacking: The Art of Exploitation" is a good book on the subject, as is "The Shellcoder's Handbook".

Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

Nice post Lupin

Thanks for the answer lupin. As I thought, googling "buffer overflow tutorial" would not lead me to anything new. By the way, I've just finished studying "The Art of Exploitation" (I mean, reading very carefully and practicing the examples... not just reading). Indeed it's very nice. In fact, the idea of studying a real daemon like Apache came from the experiments with the "Tiny Daemon", which was very useful... yet limited.

Your tutorials look like a nice start on what I was after, and OpenRCE looks very promising. The 4th tutorial caught my attention, 'cause H:TAoE didn't cover after-free heap buffer overflows. Also a sample of a client-based exploit, which is inspiring, since I was too focused on a server perspective so far.
It's also an opportunity to start scratching some bits with Perl, Python and that stuff you have used. OpenRCE and Corelan are also very promising. All links bookmarked.
A lot to learn, but I eat fast, and soon I will need more. If anyone out there has some material to post, hints, advice, or any enlightening guidance, I'm starving.

Come on people, lupin hit the bullseye. That is the way I'm looking at it. Push further. Finding (remote) vulnerabilities in real programs and writing exploits. That is the theme.

PS: By the way, forgive me for the bad English, it's not my mother language and, although I read a lot, I don't type it very often.

Nice hint compaq

Nice shot compaq!
I was studying lupin's tutorials and, as I said, they are nice because they were done using real programs that you can find out there, like Ant server.
But you got what I mean when you posted the link to this paper about BitBlaze and how people use it to look for vulnerabilities in binary code. That's great, because since I was messing around with "Tiny Daemon" (the web server presented in The Art of Exploitation) I thought something like:
"Well, it won't be easy to find vulnerabilities in source code with hundreds or even thousands of lines. Not to mention when I'm analysing a program without the source code, because looking into the binaries would be much more difficult."
Since then I knew that some day I would need to write some tool to help me with such scans. Since I have no idea how it works, what patterns to look for, what "behaviors", etc., starting with BitBlaze seems a good idea. So, thanks!

Now I have two questions. The first, and most important: is there a program like BitBlaze, but instead of looking at the binaries and debugging, would scan for "signatures" inside the source code? Like vulnerable uses of given functions? Or maybe lack of boundaries during memory allocation? Off-by-one errors? Vulnerable pointer overflows? Do you get what I mean?
I'm thinking of C, because it's the language I'm most familiar with (or should I say, least alien). What about the errors inherent in other languages? I don't know if I am being clear, but I hope so.

Well, I'm still listening. When I wrote this thread I was stuck... now I have promising paths and nice materials. If you could continue, I'd appreciate it!

Re: Drilling down Apache codes for fun and learning

dynamic ip 64.423.541.322 (fictional address, of course). If someone connects to 64.423.541.322, he would not connect to me, but to the tel company server, right?

It should be the router closest to the phone line, where you are. The tel company could have a proxy that you go through and that could be its IP or not.
Most likely it's your BB router. You would have to forward ports (virtual service/port forwarding).

Now I have two questions. The first, and most important: is there a program like BitBlaze, but instead of looking at the binaries and debugging, would scan for "signatures" inside the source code? Like vulnerable uses of given functions? Or maybe lack of boundaries during memory allocation? Off-by-one errors? Vulnerable pointer overflows? Do you get what I mean?
I'm thinking of C, because it's the language I'm most familiar with (or should I say, least alien). What about the errors inherent in other languages? I don't know if I am being clear, but I hope so.

fxcop
splint
flawfinder
its4
prefast
bugscan
prexis
rats
code surfer
(hacking exposed book 6)+
But there's probably no need to run those tools, as most of that would be run at the development company, and what they find closed.
I don't know if the above tools will find these off-by-one errors, but a script or something that searches one line at a time and checks for > (and not =) would.

Personally I don't use much: a debugger, and I just look for test, cmp, jz, jnz, jg, add, sub, mov reg1,[reg2] where reg1 = 41414141.
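As an added illustration of the "script that searches one line and checks for >" idea above (example code written for this thread, not a tool from any of the posters or from the tools listed): a small Python scanner in the spirit of flawfinder/RATS. It flags calls to C functions that copy into a buffer with no length argument, and the classic off-by-one shape where a loop or index is compared with <= or >= against sizeof() or a *len/*size identifier. The C snippet it scans is constructed for this example; a real audit would read every hit in context, since this is only a triage aid.

```python
"""Toy source-level 'signature' scanner for C (added example, not a real tool).

Two checks on a C source string:
  1. calls to functions that write into a caller-supplied buffer with no length;
  2. '<=' / '>=' comparisons against sizeof(...) or a *len/*size name, the
     typical "for (i = 0; i <= sizeof(buf); i++)" off-by-one pattern.
"""
import re
from dataclasses import dataclass

# Unbounded copy/format functions and the bounded alternative a reviewer
# would normally suggest (illustrative mapping, not an exhaustive list).
RISKY_CALLS = {
    "strcpy": "strncpy/strlcpy with an explicit size",
    "strcat": "strncat/strlcat with an explicit size",
    "sprintf": "snprintf",
    "vsprintf": "vsnprintf",
    "gets": "fgets with a size",
    "scanf": "a width specifier, or fgets plus parsing",
}

# \b keeps 'sprintf' from matching inside 'snprintf'.
CALL_RE = re.compile(r"\b(" + "|".join(RISKY_CALLS) + r")\s*\(")
OFF_BY_ONE_RE = re.compile(
    r"(<=|>=)\s*(sizeof\s*\([^)]*\)|\w*(?:len|size|LEN|SIZE)\w*)"
)


@dataclass
class Finding:
    line: int
    kind: str
    detail: str


def scan_c_source(source: str) -> list[Finding]:
    """Return findings in source order. Line comments are stripped first;
    block comments and string literals are not (a known limitation)."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        code = line.split("//", 1)[0]
        for m in CALL_RE.finditer(code):
            fn = m.group(1)
            findings.append(Finding(
                lineno, "unbounded-call",
                f"{fn}() takes no length; consider {RISKY_CALLS[fn]}"))
        for m in OFF_BY_ONE_RE.finditer(code):
            findings.append(Finding(
                lineno, "off-by-one-suspect",
                f"'{m.group(1)}' compared against {m.group(2).strip()}; check the bound"))
    return findings


# Constructed C sample: one unbounded copy, one off-by-one loop bound, and a
# properly bounded snprintf() that must not be flagged.
SAMPLE = r"""
#include <string.h>
#define NAMELEN 64
void greet(const char *user) {
    char name[NAMELEN];
    char line[128];
    strcpy(name, user);                 /* no bound on user */
    for (int i = 0; i <= sizeof(line); i++)
        line[i] = 0;                    /* writes one past the end */
    snprintf(line, sizeof(line), "hi %s", name);   // bounded: not flagged
}
"""

if __name__ == "__main__":
    for f in scan_c_source(SAMPLE):
        print(f"line {f.line}: [{f.kind}] {f.detail}")
```

Running it on the sample reports the strcpy() on line 7 and the <= sizeof(line) bound on line 8, and stays quiet on the snprintf() line. Extending it is mostly a matter of growing RISKY_CALLS and the comparison regex; anything more precise (tracking buffer sizes across statements) needs a real parser, which is where tools like the ones listed above come in.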

Re: Drilling down Apache codes for fun and learning

Fuzzers are generally the way to find flaws. Once an exception of some sort is found, it is looked at in a debugger to see what happens. Then we decide if there is a proper overwrite and address space for shellcode. Once all that is finished, the code for the exploit is written to put it all together.